Publication Type

Conference Proceeding Article

Version

acceptedVersion

Publication Date

2-2022

Abstract

We present ScriptChecker, a novel browser-based framework to effectively and efficiently restrict third-party script execution according to the host web page’s directives. Different from all existing schemes functioning at the JavaScript layer, ScriptChecker holistically harnesses context separation and the browser’s security monitors to enforce on-demand access controls upon tasks executing untrusted code. The host page can flexibly assign resource-access capabilities to tasks upon their creation. Reaping the benefits of the task capability approach, ScriptChecker outperforms existing techniques in security, usability and performance. We have implemented a prototype of ScriptChecker on Chrome and rigorously evaluated its security against 1373 malicious scripts and its usability with empirical studies upon top-1000 sites. The experimental results show that its strong security strength and ease-of-use are attained at the cost of unnoticeable performance loss. It incurs about 0.2 microseconds overhead to mediate a DOM access, and 5% delay when loading popular JS graphics and utility libraries.

Discipline

Databases and Information Systems

Research Areas

Information Systems and Management

Publication

Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, California, 2022 February 27- March 3

First Page

1

Last Page

17

Publisher

Internet Society

City or Country

San Diego, California

Share

COinS